带有 Detours 3.0 Express 的简单数据包记录器
【中文标题】带有 Detours 3.0 Express 的简单数据包记录器【英文标题】:Simple packet logger with Detours 3.0 Express 【发布时间】:2012-11-23 15:32:49 【问题描述】:我的系统:Microsoft Windows XP Professional 32 位
IDE/编译器:Microsoft Visual C++ 2010 Express Edition
图书馆:Detours 3.0 Express
目标:编写简单的数据包记录器。
我的代码:
mydll.cpp
#include <cstdio>
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
#pragma comment(lib,"ws2_32.lib")
// Signature shared by ws2_32!send and its hook.
typedef int (WINAPI *SendFn)(SOCKET s, const char* buf, int len, int flags);
// Signature shared by ws2_32!recv and its hook.
typedef int (WINAPI *RecvFn)(SOCKET s, char* buf, int len, int flags);

// Trampolines. They start out pointing at the real Winsock entry points;
// DetourAttach() later rewrites them so that calling through pSend/pRecv
// reaches the original code with the hook bypassed.
SendFn pSend = send;
RecvFn pRecv = recv;

// Hook bodies that Detours redirects send()/recv() into (defined below).
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);

// Log streams used by the hooks. NOTE(review): these are process-wide
// globals with no locking, yet the hooks run on whatever application
// thread calls send()/recv() — concurrent callers can race on them.
FILE* pSendLogFile;
FILE* pRecvLogFile;
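// Detour for ws2_32!send.
//
// Appends the `len` bytes the application asked to send to C:\SendLog.txt
// and then forwards the call unchanged. The log is written BEFORE the real
// send() so the file I/O cannot disturb the Winsock error code that send()
// sets for the caller.
//
// Fixes relative to the original: the buffer is raw application data with
// no NUL terminator, so fprintf("%s") read past the end of it (and past
// `len`); fopen_s() was never checked, so a failed open dereferenced a NULL
// FILE*; and the shared global FILE* was racy across threads. The file is
// opened in binary mode so bytes are logged as-is. Each record is
// terminated by a bare '\n' as a crude delimiter; binary payloads may
// themselves contain newlines, so the log is not losslessly parseable.
//
// NOTE(review): the log is a fixed, world-readable path at the drive root
// and holds everything the application sends in the clear (credentials
// included); restrict access to it or move it somewhere protected.
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
    if (buf != NULL && len > 0) {
        FILE* log = NULL;
        if (fopen_s(&log, "C:\\SendLog.txt", "ab") == 0 && log != NULL) {
            fwrite(buf, 1, (size_t)len, log);
            fputc('\n', log);
            fclose(log);
        }
    }
    return pSend(s, buf, len, flags);
}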
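// Detour for ws2_32!recv.
//
// Calls the real recv() first and only then appends the bytes it actually
// produced to C:\RecvLog.txt. The original logged `buf` before recv() ran,
// i.e. it wrote whatever stale (or uninitialised) contents the caller's
// buffer held, and fprintf("%s") read past the end of that buffer because
// socket data carries no NUL terminator. Only `ret` bytes are written now.
//
// The Winsock error code is saved across the file I/O and restored, so the
// application's WSAGetLastError() still reports what recv() reported.
// A failed or unchecked fopen_s() no longer dereferences a NULL FILE*, and
// no shared global stream is used, so concurrent callers do not race.
//
// NOTE(review): the log is a fixed, world-readable path at the drive root
// and holds received application data in the clear; protect it.
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
    int ret = pRecv(s, buf, len, flags);
    int wsaErr = WSAGetLastError();

    if (ret > 0 && buf != NULL) {
        FILE* log = NULL;
        if (fopen_s(&log, "C:\\RecvLog.txt", "ab") == 0 && log != NULL) {
            fwrite(buf, 1, (size_t)ret, log);
            fputc('\n', log);
            fclose(log);
        }
    }

    WSASetLastError(wsaErr);
    return ret;
}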
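// DLL entry point: installs the send/recv hooks when the DLL is loaded into
// the target and removes them when it is unloaded.
//
// Attach and detach are each done in ONE Detours transaction (the original
// used two), so the process is never left with only one of the two hooks
// in place. The commit result is checked on attach: if the hooks cannot be
// installed the load is failed (return FALSE) rather than letting the
// target run with an unknown subset of hooks — a traffic logger that
// silently misses data is worse than one that refuses to start.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    // Detours may load this DLL into a helper process of the other
    // bitness while injecting; that process must not install hooks.
    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        // Undo the import-table edits DetourCreateProcessWithDll made in
        // the target to get this DLL loaded.
        DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)pSend, MySend);
        DetourAttach(&(PVOID&)pRecv, MyRecv);
        // A failed DetourAttach() marks the transaction as failed, so a
        // single check on the commit covers both hooks.
        if (DetourTransactionCommit() != NO_ERROR) {
            return FALSE;
        }
    } else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)pSend, MySend);
        DetourDetach(&(PVOID&)pRecv, MyRecv);
        DetourTransactionCommit();
    }

    return TRUE;
}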
injector.cpp
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
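// Injector: starts Internet Explorer with the logging DLL loaded through
// Detours' import-table injection, waits for it to exit, then releases the
// process and thread handles.
//
// Fixes relative to the original: the process was resumed and waited on
// even when creation failed (pi still zeroed), and CloseHandle() was given
// the ADDRESSES of the STARTUPINFO / PROCESS_INFORMATION structs instead of
// the handles inside pi.
int main(int argc, char *argv[])
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;

    // CREATE_SUSPENDED lets Detours patch the new process before any of its
    // code runs; the primary thread is resumed below.
    // NOTE(review): bInheritHandles is TRUE although the child needs none of
    // this process's handles; FALSE would be the least-privilege choice.
    // The DLL must be the same bitness as the target and the path must be
    // reachable from this process.
    if (!DetourCreateProcessWithDllEx("C:\\Program Files\\Internet Explorer\\iexplore.exe",
                                      NULL, NULL, NULL, TRUE,
                                      CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
                                      NULL, NULL, &si, &pi,
                                      "C:\\Documents and Settings\\Dawid\\Pulpit\\detours_test\\Detours_test\\Release\\Detours_test.dll", NULL)) {
        MessageBox(0, "failed", 0, 0);
        // Nothing was created, so there is nothing to resume, wait on or close.
        return EXIT_FAILURE;
    }

    MessageBox(0, "success", 0, 0);
    ResumeThread(pi.hThread);
    WaitForSingleObject(pi.hProcess, INFINITE);

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return EXIT_SUCCESS;
}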
错误信息（原始错误文本在此处已丢失，仅残留了对话框标题的一部分）:
(iexplore.exe) 应用程序
问题: 我的代码有什么问题?为什么会出现此错误?
【问题讨论】:
虽然可以推断出您需要什么帮助,但实际上提出问题会很好。 问题:我的代码有什么问题?为什么会出现此错误? 【参考方案1】:已解决
我删除了函数:
DetourRestoreAfterWith();
来自 DLL 并添加到 DLL 函数中:
extern "C" __declspec(dllexport) void dummy(void)
return;
现在可以了!（注：真正起作用的很可能是新增的导出函数——Detours 文档要求通过 DetourCreateProcessWithDll[Ex] 注入的 DLL 至少导出一个函数（序号 #1），否则无法加载；而 DetourRestoreAfterWith() 本身无害，Detours 建议以这种方式注入时保留该调用，删掉它并不是修复的关键。）
mydll.cpp
#include <cstdio>
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
#pragma comment(lib,"ws2_32.lib")
// Signature shared by ws2_32!send and its hook.
typedef int (WINAPI *SendFn)(SOCKET s, const char* buf, int len, int flags);
// Signature shared by ws2_32!recv and its hook.
typedef int (WINAPI *RecvFn)(SOCKET s, char* buf, int len, int flags);

// Trampolines. They start out pointing at the real Winsock entry points;
// DetourAttach() later rewrites them so that calling through pSend/pRecv
// reaches the original code with the hook bypassed.
SendFn pSend = send;
RecvFn pRecv = recv;

// Hook bodies that Detours redirects send()/recv() into (defined below).
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags);
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags);

// Log streams used by the hooks. NOTE(review): these are process-wide
// globals with no locking, yet the hooks run on whatever application
// thread calls send()/recv() — concurrent callers can race on them.
FILE* pSendLogFile;
FILE* pRecvLogFile;
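// Detour for ws2_32!send.
//
// Appends the `len` bytes the application asked to send to C:\SendLog.txt
// and then forwards the call unchanged. The log is written BEFORE the real
// send() so the file I/O cannot disturb the Winsock error code that send()
// sets for the caller.
//
// Fixes relative to the original: the buffer is raw application data with
// no NUL terminator, so fprintf("%s") read past the end of it (and past
// `len`); fopen_s() was never checked, so a failed open dereferenced a NULL
// FILE*; and the shared global FILE* was racy across threads. The file is
// opened in binary mode so bytes are logged as-is. Each record is
// terminated by a bare '\n' as a crude delimiter; binary payloads may
// themselves contain newlines, so the log is not losslessly parseable.
//
// NOTE(review): the log is a fixed, world-readable path at the drive root
// and holds everything the application sends in the clear (credentials
// included); restrict access to it or move it somewhere protected.
int WINAPI MySend(SOCKET s, const char* buf, int len, int flags)
{
    if (buf != NULL && len > 0) {
        FILE* log = NULL;
        if (fopen_s(&log, "C:\\SendLog.txt", "ab") == 0 && log != NULL) {
            fwrite(buf, 1, (size_t)len, log);
            fputc('\n', log);
            fclose(log);
        }
    }
    return pSend(s, buf, len, flags);
}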
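// Detour for ws2_32!recv.
//
// Calls the real recv() first and only then appends the bytes it actually
// produced to C:\RecvLog.txt. The original logged `buf` before recv() ran,
// i.e. it wrote whatever stale (or uninitialised) contents the caller's
// buffer held, and fprintf("%s") read past the end of that buffer because
// socket data carries no NUL terminator. Only `ret` bytes are written now.
//
// The Winsock error code is saved across the file I/O and restored, so the
// application's WSAGetLastError() still reports what recv() reported.
// A failed or unchecked fopen_s() no longer dereferences a NULL FILE*, and
// no shared global stream is used, so concurrent callers do not race.
//
// NOTE(review): the log is a fixed, world-readable path at the drive root
// and holds received application data in the clear; protect it.
int WINAPI MyRecv(SOCKET s, char* buf, int len, int flags)
{
    int ret = pRecv(s, buf, len, flags);
    int wsaErr = WSAGetLastError();

    if (ret > 0 && buf != NULL) {
        FILE* log = NULL;
        if (fopen_s(&log, "C:\\RecvLog.txt", "ab") == 0 && log != NULL) {
            fwrite(buf, 1, (size_t)ret, log);
            fputc('\n', log);
            fclose(log);
        }
    }

    WSASetLastError(wsaErr);
    return ret;
}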
// Deliberately empty, exported function. Nothing else in this DLL is
// exported, and the author found that adding this export is what made
// injection work; Detours' documentation requires the injected DLL to
// export a function at ordinal #1, which is presumably why. Do not remove.
extern "C" __declspec(dllexport) void dummy(void)
{
}
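// DLL entry point: installs the send/recv hooks when the DLL is loaded into
// the target and removes them when it is unloaded.
//
// Attach and detach are each done in ONE Detours transaction (the original
// used two), so the process is never left with only one of the two hooks
// in place. The commit result is checked on attach: if the hooks cannot be
// installed the load is failed (return FALSE) rather than letting the
// target run with an unknown subset of hooks — a traffic logger that
// silently misses data is worse than one that refuses to start.
BOOL WINAPI DllMain(HINSTANCE hinst, DWORD dwReason, LPVOID reserved)
{
    // Detours may load this DLL into a helper process of the other
    // bitness while injecting; that process must not install hooks.
    if (DetourIsHelperProcess()) {
        return TRUE;
    }

    if (dwReason == DLL_PROCESS_ATTACH) {
        // NOTE(review): the author removed this call while debugging the
        // crash. Detours recommends it for DLLs loaded through
        // DetourCreateProcessWithDll (it restores the target's import
        // table), and the fix was most likely the exported dummy()
        // function instead — confirm and re-enable.
        // DetourRestoreAfterWith();

        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourAttach(&(PVOID&)pSend, MySend);
        DetourAttach(&(PVOID&)pRecv, MyRecv);
        // A failed DetourAttach() marks the transaction as failed, so a
        // single check on the commit covers both hooks.
        if (DetourTransactionCommit() != NO_ERROR) {
            return FALSE;
        }
    } else if (dwReason == DLL_PROCESS_DETACH) {
        DetourTransactionBegin();
        DetourUpdateThread(GetCurrentThread());
        DetourDetach(&(PVOID&)pSend, MySend);
        DetourDetach(&(PVOID&)pRecv, MyRecv);
        DetourTransactionCommit();
    }

    return TRUE;
}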
injector.cpp
#include <windows.h>
#include <detours.h>
#pragma comment(lib,"detours.lib")
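// Injector: starts C:\client.exe with the logging DLL loaded through
// Detours' import-table injection, waits for it to exit, then releases the
// process and thread handles.
//
// Fixes relative to the original: the process was resumed and waited on
// even when creation failed (pi still zeroed), and CloseHandle() was given
// the ADDRESSES of the STARTUPINFO / PROCESS_INFORMATION structs instead of
// the handles inside pi.
int main(int argc, char *argv[])
{
    STARTUPINFO si;
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;
    si.wShowWindow = SW_SHOW;

    // CREATE_SUSPENDED lets Detours patch the new process before any of its
    // code runs; the primary thread is resumed below.
    // NOTE(review): bInheritHandles is TRUE although the child needs none of
    // this process's handles; FALSE would be the least-privilege choice.
    // The DLL must be the same bitness as the target and the path must be
    // reachable from this process.
    if (!DetourCreateProcessWithDllEx("C:\\client.exe",
                                      NULL, NULL, NULL, TRUE,
                                      CREATE_DEFAULT_ERROR_MODE | CREATE_SUSPENDED,
                                      NULL, NULL, &si, &pi,
                                      "C:\\Documents and Settings\\Dawid\\Pulpit\\detours_test\\Detours_test\\Release\\Detours_test.dll", NULL)) {
        MessageBox(0, "failed", 0, 0);
        // Nothing was created, so there is nothing to resume, wait on or close.
        return EXIT_FAILURE;
    }

    MessageBox(0, "success", 0, 0);
    ResumeThread(pi.hThread);
    WaitForSingleObject(pi.hProcess, INFINITE);

    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return EXIT_SUCCESS;
}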